Como fazer uma campanha de Phishing

Introduction

This tutorial will guide you through the process of conducting a phishing campaign using Gophish, a popular open-source phishing framework. Understanding how phishing campaigns work is essential for cybersecurity professionals to develop effective defenses against such attacks. This guide is intended for educational purposes only.

Step 1: Set Up Gophish

• Download Gophish:

  • Visit the Gophish GitHub page to download the latest release.
  • Choose the appropriate version for your operating system.

• Install Gophish:

  • Extract the downloaded files.
  • Open a terminal or command prompt.
  • Navigate to the extracted Gophish directory.

• Run Gophish:

  • Execute the following command to start the server:

    ./gophish
    

  • By default, Gophish runs on port 3333.

Step 2: Access the Gophish Dashboard

• Open Your Browser:

  • Go to http://localhost:3333 to access the Gophish dashboard.

• Log In:

  • Use the default credentials (username: admin, password: gophish) to log in. Remember to change the password for security.

Step 3: Configure Sending Profile

• Navigate to Sending Profiles:

  • Click on the “Sending Profiles” tab on the left sidebar.

• Create New Profile:

  • Click on the “New Sending Profile” button.
  • Fill in the necessary details:
    • Name: Choose a recognizable name for this profile.
    • SMTP Server: Enter the SMTP server details from which you will send emails.
    • Username and Password: Enter the credentials for the SMTP server.

• Test the Profile:

  • Use the “Test Sending Profile” feature to ensure your profile is set up correctly.

Step 4: Create a Phishing Campaign

• Access Campaigns:

  • Click on the “Campaigns” tab.

• Initiate New Campaign:

  • Click on the “New Campaign” button.
  • Fill in the campaign details:
    • Name: Give your campaign a descriptive name.
    • Email Template: Select or create an email template that will be used for this campaign.

• Set Targeting Options:

  • Choose the recipients for your campaign.
  • You can upload a CSV file with email addresses or enter them manually.

Step 5: Design the Email Template

• Create a New Template:

  • Click on the “Email Templates” tab.
  • Select “New Email Template”.

• Compose Your Email:

  • Use the editor to write your email content.
  • Ensure that your email appears legitimate and includes a call to action.

• Include Tracking:

  • Use links that track clicks to gauge the campaign's success.

Step 6: Launch the Campaign

• Review Campaign Settings:

  • Double-check all settings and ensure that everything is configured correctly.

• Launch:

  • Click on the “Launch Campaign” button to start sending emails.

Conclusion

You have now learned the basic steps to set up and execute a phishing campaign using Gophish. Remember, this information is provided for educational purposes to help you understand phishing tactics and improve cybersecurity measures. Always use these skills responsibly and ethically. Consider further exploring Gophish’s features to enhance your phishing simulations and training programs.